During the attack on the US Department of Justice, music label UMG, and whitehouse.gov, in retaliation to the shutdown of Megaupload.com many anons used a tool that where being distributed that launched a Slowloris attack on any selected target.
Without anyone’s knowledge an unknown individual backdoored the tool with a Zeus Trojan. Zeus is most commonalty known for stealing paypal information, credit and numerous other virtual banking methods.
Each time Slowloris was downloaded and ran on the 20th of January, a Zeus client was also installed onto the system. The Zeus client then stealthily downloaded a “clean” variant of the Slowloris tool to substitute the modified copy in an effort to hide its existence on the tainted PC. Meanwhile, the Zeus trojan did what it’s most known for: logging passwords and cookies, as well as banking and webmail credentials, and sending them off to a command-and-control server.
Symantec has said that the modified version of Slowloris was widely downloaded.
“This Anonymous DoS tool on PasteBin has become quite popular among the Anonymous movement with more than 26,000 views and 400 tweets referring to the post,” noted Symantec’s official blog.